Bug 1322747 (CVE-2016-3097) - CVE-2016-3097 spacewalk-java: Multiple XSS flaws
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
Summary: CVE-2016-3097 spacewalk-java: Multiple XSS flaws
Keywords:
Status:
CLOSED ERRATA
Alias:
CVE-2016-3097
Product:
Security Response
Classification:
Other
Component:
vulnerability
Sub Component:
Version:
unspecified
Hardware:
All
OS:
Linux
Priority:
medium
Severity:
medium
Target Milestone:
—
Assignee:
Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
1322710
Blocks:
1322748
Reported:
2016-03-31 09:07 UTC by Adam Mariš
Modified:
2021-02-17 04:07 UTC
CC List:
7 users
Fixed In Version:
Doc Type:
Bug Fix
Doc Text:
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed system group names. An attacker able to create a group in Satellite (for example via SSM or the API, as the report notes) can embed HTML and JavaScript in the group name; the stored value is later rendered unescaped in the web page shown when viewing the snapshot data, so the injected content executes in the browser of any user who views that page.
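The flaw described above is an output-encoding bug: a stored value is concatenated into the snapshot page as markup. The following is an added example, not code from spacewalk-java or the bug report; it simulates the vulnerable rendering beside the hardened form, and includes a small check (`injected_tags`, `is_escaped_correctly`) that a practitioner could reuse as a regression test for a template fix. The group name payload and the table layout are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a system group name carrying markup, as an attacker
# could submit it through SSM or the XML-RPC API. The payload is a hypothetical
# illustration, not one taken from the bug report.
MALICIOUS_GROUP_NAME = 'web-servers<script>alert(document.cookie)</script>'
BENIGN_GROUP_NAME = 'web-servers'

# Tags the (simulated) snapshot table legitimately emits; anything else in the
# rendered fragment must have come from untrusted data.
EXPECTED_TAGS = frozenset({'table', 'tr', 'td', 'th'})


def render_snapshot_row_vulnerable(group_name: str, action: str) -> str:
    """Pre-fix behaviour (simulated): the stored group name is concatenated
    into the snapshot page without output encoding, so markup in the name
    becomes part of the DOM of every user who views the snapshot."""
    return f'<tr><td>Group</td><td>{group_name}</td><td>{action}</td></tr>'


def render_snapshot_row_fixed(group_name: str, action: str) -> str:
    """Hardened form: HTML-escape every untrusted value at the point of output.
    quote=True also encodes quote characters, so the same value would be safe
    inside an attribute."""
    return (f'<tr><td>Group</td>'
            f'<td>{html.escape(group_name, quote=True)}</td>'
            f'<td>{html.escape(action, quote=True)}</td></tr>')


class _TagCollector(HTMLParser):
    """Records every start tag a browser would see in the fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(fragment: str) -> list:
    """Return the tags in the rendered fragment that the template did not emit
    itself. A non-empty result means stored data was rendered as markup."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return [t for t in parser.tags if t not in EXPECTED_TAGS]


def is_escaped_correctly(group_name: str, fragment: str) -> bool:
    """True when the fragment carries the escaped form of the name and contains
    no injected markup; usable as a regression check for the template fix."""
    return (html.escape(group_name, quote=True) in fragment
            and not injected_tags(fragment))


if __name__ == '__main__':
    for name in (BENIGN_GROUP_NAME, MALICIOUS_GROUP_NAME):
        for label, render in (('vulnerable', render_snapshot_row_vulnerable),
                              ('fixed', render_snapshot_row_fixed)):
            out = render(name, 'join')
            print(f'{label:10s} {name!r}: injected={injected_tags(out)}')
```

The check deliberately parses the rendered output rather than grepping for `<script>`: the browser's tokenizer is what decides whether stored text becomes markup, and a parser-based check also catches payloads using other tags or event-handler attributes that a string match on one tag name would miss.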
Clone Of:
Environment:
Last Closed:
2016-07-26 09:27:01 UTC
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2016:1484 | 0 | normal | SHIPPED_LIVE | Moderate: spacewalk-java security and bug fix update | 2016-07-26 11:45:55 UTC
Description Adam Mariš 2016-03-31 09:07:51 UTC
Group name is not properly escaped, allowing XSS
An XSS vulnerability was found in the WebUI when creating a group with HTML via SSM or the API and checking a snapshot with this group's join/leave.
Product bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1322710
Comment 1 Adam Mariš 2016-03-31 09:08:01 UTC
Acknowledgments:
Name: Jan Hutař (Red Hat)
Comment 2 errata-xmlrpc 2016-07-26 07:46:46 UTC
This issue has been addressed in the following products:
Red Hat Satellite 5.7
Via RHSA-2016:1484 https://rhn.redhat.com/errata/RHSA-2016-1484.html